Simple authorization policy data structures and, increasingly, more complex authorization policy languages have been used to grant rights to access digital data. FIG. 1 illustrates a conventional mechanism for granting rights to access a resource. A trusted issuer 100 issues a license 102 to a principal 104. License 102 allows principal 104 to use a resource 106. Resource 106 may be a digital work in the form of an image, an audio or video file, or an e-book. License 102 identifies principal 104, resource 106, the right granted and any conditions. Resource 106 may also be a service.
One common drawback of existing authorization languages and data structures is that once a mechanism has been established, the format of a license cannot be changed without significant modifications to existing licenses and to the software used to interpret the licenses. For example, the format of licenses may require the identification of the principal by a social security number. If it is necessary or desirable to identify the principal differently, such as by name, then with prior art authorization languages and data structures, existing licenses and software must be modified to make this change. These types of modifications can be prohibitively difficult to implement. One difficulty involves the requirement to coordinate among a large number of entities, such as trusted issuers, license holders, resources, and access control modules. The difficulty increases as the number of existing licenses increases. As a result, a less-than-optimal authorization mechanism may exist for certain applications.
Therefore, there is a need in the art to extend authorization languages and data structures to facilitate their use in new implementations. In particular, there is a need in the art for an authorization language and data structure that provides compatibility between updated licenses and existing infrastructure.